HMAC calculation

The HMAC calculation for Masterpass transactions differ a bit from the standard HMAC calculation.

Description

The MAC secures the key-value pairs which is considered part of the secured message. A key-value pair having a key which is either prefixed by "s_" or appears on the list of keys recognised by DIBS is considered a part of the secured message, and all other key-value pairs are ignored in the calculation. The key-value pairs in the secured message must be sorted by the key in ASCII-order with upper and lower case letters grouped seperately. The key and value must be separated by a "=", and each key-value pair should be separated by a "&".
The following example illustrates above rules:

Please note – the array's name (“cartContent”-in this example) is ignored where only the content of it is added to the MAC-string. Furthermore it should be noticed that upper case keys comes before lower case keys, e.g. "Quantity" before "acceptableCards", and that integers (such as the "Value" parameter), should be sorted as if it was a string (so e.g. 10 before 9).

The MAC is calculated using the HMAC algorithm with SHA-256. The HMAC algorithm requires a message and one key. The message is the above message and the key is the merchant specific key found in the DIBS Administration:

DIBS Administration / Preferences / HMAC key

Calculation method

The HMAC calculation is done using the secret key found in the DIBS Admin. The calculation should be done as following:

MAC = HMAC-SHA256(hexDecode(K),M)

where K denotes the shop specific key found in the DIBS Administration and M is the previously mentioned message.